EUVD-2026-14691

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Course Migration for LearnDash versions 1.0.2...

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

WordPress plugin Uncanny Toolkit for LearnDash 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Uncanny Owl Groups for LearnDash Cross-Site Scripting Vulnerability

Uncanny Owl Groups for LearnDash is a plugin from Uncanny Owl Canada that provides the ability to sell courses for LearnDash in Wordpress. A cross-site scripting vulnerability exists in Uncanny Groups for LearnDash versions prior to v3.7, which allows an authenticated, remote attacker to inject...